  1. OFBiz
  2. OFBIZ-1525 Issue to group security concerns
  3. OFBIZ-11349

The "stream" request-map in ecommerce and commonext controllers requires authentication


    Details

    • Type: Sub-task
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: Release Branch 18.12, Release Branch 17.12, Trunk
    • Fix Version/s: 18.12.01, 17.12.01
    • Component/s: commonext, ecommerce
    • Labels:
      None
    • Sprint:
      Bug Crush Event - 21/2/2015

      Description

      For security reasons, the "stream" request-map

      1. in the ecommerce controller has been temporarily commented out.
      2. in commonext controller has been changed to require authentication.

      We will need to

      1. put back the functionalities allowed by the "stream" request-map in ecommerce.
      2. later check that mandatory authentication in the commonext controller has no impact.

      Eventually it turned out that we simply needed to require authentication in both cases (back and front ends), because in the ecommerce/ecomseo webapps the stream request is only used to post images in blog entries and you need to be logged in to do so.
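
      One way to check controller files for the condition this issue fixes, as an added example (not OFBiz project code): it parses controller XML and reports any watched request-map, here "stream", whose `<security>` element does not set `auth="true"`. The sample controllers and the namespace URI are constructed, and treating a missing `<security>` element or `auth` attribute as unauthenticated is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed samples, not copied from the OFBiz tree; <event>/<response> children omitted.
SAMPLE_CONTROLLERS = {
    "commonext-fixed": '<site-conf><request-map uri="stream">'
                       '<security https="true" auth="true"/></request-map></site-conf>',
    # Namespaced root (constructed namespace URI) with the pre-fix setting.
    "ecommerce-before": '<site-conf xmlns="urn:example:site-conf">'
                        '<request-map uri="stream"><security https="true" auth="false"/>'
                        '</request-map><request-map uri="main"><security https="true" '
                        'auth="false"/></request-map></site-conf>',
    # The temporary mitigation: the request-map is commented out entirely.
    "ecommerce-commented-out": '<site-conf><!-- <request-map uri="stream">'
                               '<security https="true" auth="false"/></request-map> -->'
                               '<request-map uri="main"/></site-conf>',
}


def local(tag):
    """Strip an XML namespace prefix such as '{urn:...}request-map'."""
    return tag.rsplit("}", 1)[-1]


def unauthenticated_uris(controller_xml, watched):
    """Return watched request-map URIs that do not set auth="true"."""
    findings = []
    for el in ET.fromstring(controller_xml).iter():
        if local(el.tag) != "request-map" or el.get("uri") not in watched:
            continue
        security = next((c for c in el if local(c.tag) == "security"), None)
        # Assumption: a missing <security> element or auth attribute counts as unauthenticated.
        if security is None or security.get("auth", "false").lower() != "true":
            findings.append(el.get("uri"))
    return findings


def audit(controllers, watched=("stream",)):
    """Map controller name -> offending URIs, omitting controllers with no findings."""
    report = {}
    for name, xml_text in controllers.items():
        uris = unauthenticated_uris(xml_text, watched)
        if uris:
            report[name] = uris
    return report


if __name__ == "__main__":
    for name, uris in audit(SAMPLE_CONTROLLERS).items():
        print(f"{name}: request-map(s) without auth=\"true\": {', '.join(uris)}")
```

      A commented-out request-map is skipped by the parser, so the temporary mitigation described above produces no finding.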

              People

              • Assignee:
                jleroux Jacques Le Roux
                Reporter:
                jleroux Jacques Le Roux